Adobe Flash Player gets sandboxed in Mavericks Safari

Adobe's Flash Player gets more secure in OS X Mavericks after years of fighting malware, vulnerabilities and exploits, thanks to Apple's new App Sandbox feature.

This comes after Apple kept Adobe Flash at a distance by forcibly blocking Flash Player in Safari after security issues were discovered. It's also been shown that refusing to install Flash on a Macbook can significantly improve battery life. Steve Jobs hated it enough to pen a scathing public letter explaining how irrelevant the software was.

Even on the mobile front, Apple refused to allow it on iOS and pushed HTML 5 instead. Over time, Adobe ended Flash Player development for Android and other mobile platforms.

Outlined in a post to Adobe Secure Software Engineering Team (ASSET) blog, the App Sandbox lets Adobe limit the plugin's capabilities to read and write files, as well as what assets Flash Player can access. Safari's browser engine used is Webkit.

A sandbox is a security mechanism used to separate various running programs to "execute untested code, or untrusted programs from unverified third-parties, suppliers, unturned users and untrusted websites," according to UC Berkeley researchers Ian Goldberg, David Wagner, Randi Thomas and Eric Brewer .

Peleus Uhley, Adobe platform security specialist, explained that Flash Player calls on a plugin file. Specifically the com.macromedia.Flash Player. plugin.sb file used to define security permissions in Mavericks' App Sandbox. Network privileges are also limited - Flash will be stopped from talking to external servers and the software can no longer access local connections to device records and IPC channels. Battery life won't be effected either.

"Safari users on OS X Mavericks can view Flash Player content while benefiting from these added security protections," said Uhley. "We'd like to thank the Apple security team for working with us to deliver this solution."

Adobe has effectively deployed some method of sandbox with Google's Chrome, Microsoft's Internet Explorer and Mozilla's Firefox browsers, according to Uhley. Major versions of their Reader and Acrobat programs have also been sandboxed by Adobe.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics